SiteAgent for Aura
SiteAgent is the bridge between your WordPress sites and the Aura infrastructure dashboard — a unified control center for teams managing multiple WordPress sites alongside servers, CDN, and DNS. Install this plugin on any WordPress site to unlock remote management capabilities directly from Aura — no SSH, no wp-admin juggling, no manual logins. What You Can Do Monitor site health — See WordPress version, PHP version, installed plugins & themes, database info, and disk usage in real time. Update plugins, themes & core remotely — Push updates to any connected site from the Aura dashboard, no wp-admin login. Safe batch updates with auto-rollback — Run chunked updates with health checks; if an update breaks the site, the plugin restores the previous version automatically. Per-plugin rollback — Every update is zip-snapshotted first; restore any plugin to its last good state on demand. Bulk translation & database upgrades — Update all language packs and run WordPress database migrations remotely. One-click connect (magic link) — Connect a site to Aura straight from wp-admin — no manual token copy/paste. AI-agent ready (18 MCP tools) — Exposes machine-readable, JSON-schema tools for AI-driven management, including SEO/accessibility/performance/broken-link auditors and on-site SEO-meta read/write (Rank Math, Yoast, SEOPress). Read tools run on demand; mutating tools are approval-gated through Aura, and every call is audited. Zero frontend impact — The plugin only registers REST API endpoints. No scripts, no styles, no database queries on visitor-facing page loads. How It Works After activation, click Connect to Aura on the Settings → SiteAgent page for a one-click magic-link connection, or copy the Site Token shown once and paste it into your Aura dashboard manually. From that point, Aura communicates with your site over a signed, authenticated REST API to pull health data and push updates. Security Defence-in-depth protects every request: WordPress Application Password — Standard WordPress auth with capability checks (manage_options / update_*). Only authorized administrators can trigger actions. Hashed Site Token — A per-site token sent via the X-Aura-Token header. Only a SHA-256 hash is stored (never the raw token), compared timing-safely. Tokens from older versions migrate to a hash automatically. Brute-force throttling — Repeated bad-token attempts from an IP are blocked. Signed magic-link connect — The onboarding callback is HMAC-signed with a one-time secret and timestamp, so the token exchange can’t be hijacked or replayed. IP / Domain allowlist (optional) — Restrict API access to your Aura instance, with Cloudflare and reverse-proxy header support. You can rotate the token anytime from Settings → SiteAgent → Regenerate Token. REST API Endpoints Core endpoints under /wp-json/aura/v1/: GET /status — Full site health report GET /updates — Check available updates (core, plugins, themes, translations) POST /update/core / /update/plugin / /update/theme / /update/translations — Apply updates POST /update/database — Run WordPress database upgrades POST /connect — Magic-link token exchange (public, HMAC-signed, 10-minute expiry) Version 2 endpoints under /wp-json/aura/v2/: GET /health — HTTP, PHP fatal, white-screen and DB connectivity checks POST /update/batch — Chunked batch updates with auto-rollback on health failure POST /rollback/{plugin} — Restore a plugin from its most recent backup MCP tools under /wp-json/aura/mcp/: POST /tools/list / POST /tools/execute — Enumerate and run AI-agent tools GET /context — Full site context for AI decision-making AI Agent Tools (MCP) SiteAgent ships 18 built-in tools for AI agents. Read tools return information and run on demand; write tools change the site and are queued for human approval through Aura — an agent can never silently mutate a production site. Read tools: get_site_context — WordPress/PHP/theme/plugin/disk/performance snapshot with detected issues get_database_info — Database size, largest tables, autoloaded-options weight, expired transients scan_security — Scored security posture (file-edit lockdown, debug exposure, SSL, default admin/prefix, open registration, PHP version) scan_seo — SEO posture (search-engine visibility, permalinks, XML sitemap, site title) plus a sampled content audit (thin content, missing excerpts/featured images) scan_a11y — Accessibility audit over sampled content (images missing alt text, non-descriptive link text, heading structure, document language) perf_check — Performance posture (persistent object cache, OPcache, page-cache plugin, PHP version, autoload weight, active plugin count, memory limit) scan_broken_links — Link triage over a content sample with no outbound HTTP (empty/anchor-only links, dev/staging hosts, unresolved internal links) list_users — Users with roles and post counts, administrators flagged (never returns secrets) check_health — Live health gate: HTTP status, PHP fatals, white-screen, database connectivity scan_error_log — Tails and severity-groups the error log, surfacing recent fatals check_vulnerabilities — Plugins/themes checked against the WordPress.org vulnerability database get_seo_meta — Read a post/page’s SEO title, description, and focus keyword from the active SEO plugin (Rank Math, Yoast, or SEOPress) Write tools (approval-gated): update_plugin_safely — Backup, update, health-check, auto-rollback on failure clear_caches — Flush object/opcode caches and detected page-cache plugins cleanup_transients — Remove expired transients to reduce autoload bloat cleanup_orphaned_assets — Find and remove unused media (dry-run by default) backup_plugins — Zip-snapshot one or all active plugins as a rollback safety net set_seo_meta — Write a post/page’s SEO title / description / focus keyword on the active SEO plugin (Rank Math, Yoast, or SEOPress) — on-site, so it works even when a WAF blocks the plugin’s own REST endpoint Tools are classified by verb so the Aura Fleet gateway applies the right risk and approval policy automatically. About Aura Aura is a full-stack operations dashboard by Digitizer that brings servers, applications, DNS zones, and CDN pull zones from Cloudways, Hostinger VPS, Cloudflare, and Bunny.net into a single unified interface. SiteAgent extends that reach into every WordPress installation — so you can manage your entire infrastructure, including WordPress sites, from one place. Free to Use The plugin is completely free and open source (GPLv2+). You need a free or paid Aura account to connect your sites. Sign up at my-aura.app. Links Aura Dashboard Documentation GitHub Repository Digitizer
Top keywords
- aura18×1.89%
- site14×1.47%
- update13×1.36%
- wordpress12×1.26%
- database10×1.05%
- post10×1.05%
- seo9×0.94%
- token9×0.94%
- health8×0.84%
- updates8×0.84%
- connect6×0.63%
- php6×0.63%